[Openstack-operators] Migrating keystone from MySQL to LDAP

Fischer, Matt matthew.fischer at twcable.com
Mon Mar 2 16:25:24 UTC 2015


What are you going to use LDAP for? Identity/Assignment/both?

Do you have unfettered write access into your LDAP?

We use a hybrid driver that will auth against mySQL and LDAP so we can
setup service accounts (like nova, neutron, etc).

AFAIK LDAP Assignment is being deprecated because nobody uses it.

On 3/2/15, 8:36 AM, "Caius Howcroft" <caius.howcroft at gmail.com> wrote:

>Hi,
>
>We are in the process of migrating off MySQL backend for keystone and
>into LDAP. Just wondering if anyone ad any experience with this? I'm
>going to have to keep all the id's the same (or else go in and change
>project ids etc in things like cinder db). Looks like keystone API
>doesn't allow me to force a uuid at creation time for projects, roles
>and users. I can go in and create the projects etc in a python script
>directly, but thats a bit messy.
>
>Just wondered if anyone had a done this and had a neater solution?
>
>Caius
>--
>
>_______________________________________________
>OpenStack-operators mailing list
>OpenStack-operators at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.



More information about the OpenStack-operators mailing list